Comments on: Identity Theft Attacks

By: Abhinav Vaid

Abhinav Vaid — Sat, 04 Apr 2009 18:55:52 +0000

As a rule of thumb, I think one should should never ever disclose any personal information over the phone irrespective of what the caller says/claims. The only exception could be if you’ve identified the no (caller id), & hence know the caller.

Although giving ssn’s or credit card numbers (especially the later one is like giving a blank cheque to a professional cheat.

By: pagvac

pagvac — Sun, 22 Feb 2009 16:41:28 +0000

sometimes credit card DBs get compromised, but the PANs are split across different DBs as a defense in depth mechanism. This is why in some carding forums you can only buy partial credit card #s. The reason why scammers buy them is because it allows them to perform targeted attacks where the victim feels the attacker is a legitimate entity because some info is previously known (even if that info is not complete). Think of customized phishing over email and phone.

By: Hugh

Hugh — Sat, 14 Feb 2009 06:10:24 +0000

I concur that problem is in the process, but perhaps the best defense is to avoid the temptation of giving personal information on the phone unless you can verify the ligitimacy of the person at the other end

By: Shoaib Yousuf

Shoaib Yousuf — Tue, 10 Feb 2009 22:47:22 +0000

Recently i was investigating a case, in which scammer sent out a Paypal phishing email to a user, user was fooled and he gave out all his details except his credit card numbers. Scammer rang the user as he got all the details from the phishing email, pretending a call from Paypal. He mentioned, we sent out you an email but unfortunately you didn’t provide a valid credit card number, user thought this is legitmate call and he gave his credit card details.

After one month, he noticed 3k fraudulent charges on this credit card plus he lost his identity.

Shoaib

By: TroyC

TroyC — Tue, 10 Feb 2009 21:37:44 +0000

Perhaps ask the caller to send a digitally signed email. Another option could be to provide you with a piece of your information that noone else would know. A simple right or wrong scenario. The caller would ask is your first three SSNs are ###? If they are not, hang up. If they are, proceed. Personally I like the digitally signed email better.

By: pdp

pdp — Tue, 10 Feb 2009 21:30:24 +0000

absolutely!

By: David Kierznowski

David Kierznowski — Tue, 10 Feb 2009 17:24:24 +0000

There is a currently a targetted scam in UK where the chaps phoning you already have your address and part of your bank details.

Its so much easier to fall into this trap if the guys on the phone already know a fair bit about you before you even start the conversation.

By: Identity Theft Attacks | GNUCITIZEN | identitythefthelp.info

Identity Theft Attacks | GNUCITIZEN | identitythefthelp.info — Sun, 08 Feb 2009 16:37:51 +0000

[...] Identity Theft Attacks | GNUCITIZENSHARETHIS.addEntry({ title: “Identity Theft Attacks | GNUCITIZEN”, url: “http://www.identitythefthelp.info/articles-concerning-identity-theft/identity-theft-attacks-gnucitizen/52″ }); [...]

By: Identity Theft Attacks | GNUCITIZEN | Identity Theft Facts and Figures

Identity Theft Attacks | GNUCITIZEN | Identity Theft Facts and Figures — Sat, 07 Feb 2009 19:28:30 +0000

[...] Identity Theft Attacks | GNUCITIZENSHARETHIS.addEntry({ title: “Identity Theft Attacks | GNUCITIZEN”, url: “http://www.identitytheftfactsandfigures.info/2009/02/07/identity-theft-attacks-gnucitizen/” }); [...]